Forefront Identity Manager 2010 Certificate Management smart card self-service allows domain users to log on to the FIM CM web portal and manage their own smart cards. This registration model typically does not implement any manager intervention or approval. The user is the only one involved in the entire process. The user initiates the request and then executes the request.

In this model, the following process is implemented:

A user initiates a smart card certificate request.

The user executes the request and a smart card is issued.

This document will demonstrate how to enable this functionality in a test lab.

In This Guide

This guide contains instructions for setting up a test lab based on the Test Lab Guide: Demonstrating Forefront Identity Manager 2010 Certificate Management User Smart Card Self-Service. This is achieved by configuring Forefront Identity Manager 2010 Certificate Management using the environment that was built out in the preceding test lab guides. This lab also requires a client machine, CLIENT2, with a smart card reader. For purposes of this guide, a stand-alone physical computer was used. This was required because Hyper-V does not allow for the use of USB devices and the smart card reader that was used is a USB smart card reader. The smart card reader that is used in this lab is a Gemalto GemPC Twin, but any smart card reader should work as long as the smart card reader is installed, has the correct drivers, and is working properly.

Important

This lab also requires a physical smart card. The smart cards that were used in this lab were Gemalto .NET v2+. However, any smart card that is supported by FIM CM should work, provided the appropriate mini-driver or middleware is installed.

The following is a brief explanation of why the x86 FIM CM client is used on an x64 OS when a 64-bit FIM CM client is available. We install the x86 version because the default version of Internet Explorer on Windows 7 is the 32-bit version. There is currently no way to designate the default browser for Windows 7. In the future, we will demonstrate a manager-initiated workflow, and this will error out if we are using the 64-bit version of the client. This is because clicking the link that is sent via email launches the 32-bit version of IE, which does not have the ActiveX control installed if you installed the 64-bit client.

Attempting to adapt this Forefront Identity Manager 2010 Certificate Management User Smart Card Self-Service test lab configuration to a pilot or production deployment can result in configuration or functionality issues. To ensure proper configuration and operation for your pilot or production Forefront Identity Manager 2010 Certificate Management deployment, use the information in Deployment (http://go.microsoft.com/fwlink/?LinkId=210866).

This is a recommended update for the RTM of Forefront Identity Manager 2010 Certificate Management. This release provides additional product fixes since the last update release. (http://go.microsoft.com/fwlink/?LinkId=20457)

Step 1: Set up the Base Configuration—The Base Configuration is the core of all Test Lab Guide scenarios. The first step is to complete the Base Configuration.

Step 2: Set up the Exchange Server 2010 with Service Pack 1 TLG—The second step is to complete the Exchange Server 2010 with Service Pack 1 test lab guide. This provides Active Directory® attributes and e-mail functionality for FIM CM.

Step 3: Set up the SQL Server 2008 Enterprise with Service Pack 2 TLG—The third step is to complete the SQL Server 2008 Enterprise with Service Pack 2 test lab guide. This provides the database server for your FIM CM installation.

Step 5: Set up the FIM CM with Constrained Delegation, Update 1, and FIM TLG—The fourth step is to complete the FIM CM with Constrained Delegation, Update 1, and FIM Test Lab guide. This provides FIM CM to the test lab environment.

Step 7: Verify Self-Service—The seventh step includes verifying that self-service is working successfully.

This guide provides steps for configuring the computers of Forefront Identity Manager 2010 Certificate Management User Smart Card Self-Service. The following sections provide details about how to perform these tasks.